So the whole thing with certificates in Exchange is not a walk in the park and make sure you know what domain names you should request for when using autodiscover etc. I will not go into details how it works, but I would suggest anyone to read and understand this whitepaper by Microsoft. Below you’ll find some tips how to create CSR for Exchange 2007 and 2010.
I recommend you use thePowerShell cmdlet New-ExchangeCertificate. Digicert has been kind enough to create an online tool called Exchange 2007 CSR Tool to to get the correct command syntax and even though you don’t need to buy it from them, you can still use it.
New-ExchangeCertificate -GenerateRequest -Path c:\ExchangeCSR.csr -KeySize 2048 -SubjectName “c=SE, s=State, l=Cit, o=Organization, ou=Department, cn=webmail.lab.net” -DomainName webmail.lab.net, autodiscover.lab.net -PrivateKeyExportable $True
DigiCert also has an Exchange 2010 CSR Tool, and you can also use PowerShell, but there’s also a nice wizard built-in for Exchange 2010. There are several guides out there how to do it so I simply going to link to two of them, here (video) and here.